
Design for Safety - The Ares Launch Vehicles Paradigm Change 


Fayssal M. Safie, Ph. D., 

NASA R&M Tech Fellow/ NASA Safety Center 

Gaspare Maggio 

Information Systems Laboratories 

4rd IAASS Conference 
Huntsville, Alabama 
May 19-21, 2010 


Although the Constellation Program has been redirected, the 
concepts and practices for the Ares 1 and Ares V vehicles are 
still valid for application to future crew launch vehicle and 
heavy launch vehicle designs 
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• The Paradigm change 

• The Safety and Mission Assurance (S&MA)Functional Roles Change 

• The S&MA Operating Environment Change 

• The S&MA Early Involvement in the Ares I Design Process 

• The Ares V/Earth Departure Stage (EDS) Conceptual Phase Loss of 
Mission (LOM) Assessment 

• Post conceptual Phase - Reliability Discussions 

• Concluding Remarks 
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The Paradigm Change 
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* In the past, space vehicle designers focused on performance. 

* Lessons learned from the Space Shuttle and other launch vehicles 
showed the need to optimize launch vehicles for other system 
parameters (reliability, safety, cost, availability, etc.) besides 
performance. 

* These lessons learned have forced a paradigm change on how to 
design and build new launch vehicles. 

* This paradigm change created a risk informed design environment 
which led to an early involvement of S&MA in the design process. 


F. Safie 
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The S&MA Functional Roles Change 
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- In the past, S&MA was tasked mainly to do the assurance function: Making certain that 
specified activities performed by others are performed in accordance with specified 
requirements. (Upper stage Engine and First Stage). Examples of the activities include: 

• Assess Hazard Analyses, FTAs, FMEA/CIL, PRA, etc. 

• Approving Material Review Board (MRB) dispositions. 

• Performing government inspections, audits, and surveillance. 

• Independent assessments. 

• Evaluating engineering and manufacturing changes, or proposed variances 
(adaptations, deviations, and waivers), for impacts to safety, reliability, and/or quality 

• Evaluating the disposition of problems, including corrective actions (e.g., PRACA 
problem reports) 

- Currently, in addition to its assurance function, S&MA is tasked to do an in-line function: 

Under the in-line function, S&MA activities are performed in direct support of the program/project 
to ensure that the program/project will achieve its objectives (Upper Stage and Vehicle 
Integration). Examples of the activities include: 

• Establish and implement S&MA programmatic and technical requirements. 

• Perform Probabilistic Risk Assessments, Reliability Analysis, Integrated System 
Failure Analysis, Hazard Analyses, Fault Tree Analyses, FMEA/CIL, etc. 

• Develop S&MA plans and methodologies. 

• Establish and implement Industrial Safety. 
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The S&MA Operating Environment Change 
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S&MA leading the Integrated Reliability and Safety Analysis 

(Example) 


The Ares I Integrated 
FMEA/CIL serves as input 
data to multiple related 
analyses 
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The S&MA Early involvement in the 
Ares I design process 
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* Example of S&MA involvement in the Ares I Design 

- Influenced the choice of the solution to the Thrust Oscillation issue. Jointly working 
with engineering and Ares I project, S&MA assessed the reliability, quality and safety 
impacts of the various design solutions to the thrust oscillation issue. 

- Influenced the design solution to the First Stage-Upper Stage separation issue. Jointly 
working with engineering and Ares I project, S&MA assessed the reliability and safety 
impacts of the various design solutions to the First Stage-Upper Stage separation 
issue. 

- Influenced the change of Linear Shape Charge (LSC) initiation timers from percussion 
to Flexible Confined Detonation Cord initiated timers (Flight Termination System) 

- Recommended pressurization line be moved out of cable tray to reduce risk to LSC 
and avionics (upper Stage) 

- Optimized valve design for reliability and safety for LH2 and L02 pressurization. 

- Identified issue with use of KC fittings in safety-critical applications and approach to 
qualifying fittings as providing two seals (upper Stage) 
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The Ares V/ EDS Conceptual Phase LOM 

Assessment 



* The S&MA lessons learned from Ares I were used to 
effectively support the Ares V conceptual design phase and 
help in planning for post conceptual phases. 

* The following set of charts contains a summary of the Ares 
V/EDS LOM risk assessment. 


Note: The following information are intended to share the LOM methodology 
and approach used during the conceptual design phase of Ares V and not 
meant to present the up-to-date absolute LOM numbers. 


6/14/2010 
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Traceability to the NASA’s Exploration System 
Architecture Study (ESAS) 
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The Ares V System Baseline Overview 


GLOW 

Payload Envelope L x D 
Shroud Jettison Mass 


8,156,803 Ibf 

25.3 ft x 30.0 ft 
19,953 Ibm 


V 


©, 


Altair Lunar Lander 


Payload Adapter 




Payload Shroud 


EDS Stage 

Propellants 
Usable Propellant 
Propellant Offload 
Stage liftoff pmf 
Launch Dry Mass 
TLI Burnout Mass 
Suborbital Burn Propellant 
Pre-TLI Jettison Mass 
LEO FPR 
# Engines / Type 
Engine Thrust (100%) 
Engine Isp (100%) 
Mission Power Level 
Suborbital Burn Time 
TLI Burn Time 


J-2X 



Loiter Skirt 


Interstage 


4 day LEO loiter 

LOX/LH2 
557,878 Ibm 
0.0 % 

0.8828 
52,912 Ibm 
58,194 Ibm 

330.000 Ibm 
7,344 Ibm 
8,553 Ibm 

1 / J-2X 

294.000 Ibf / 238,000 Ibf 

448.0 sec / 449.0 sec @ 

100.0 % / 81.0 % 

502.9 sec 

429.9 sec 
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Core Stage 

Propellants 
'Usable Propellant 
Propellant Offload 
Stage pmf 
Dry Mass 
Burnout Mass 
# Engines / Type 
Engine Thrust (108%) 
Engine Isp (108%) 
Mission Power Level 
Core Burn Time 


LOX/LH2 
3,499,458 Ibm 
0.0 % 

0.9014 
346,978 Ibm 
382,958 Ibm 
6 / RS-68 
702,055 Ibf @ 
364.9 sec @ 
108.0 % 

303.1 sec 


SL 

SL 


@ Vac 
Vac 


Booster (each) 

Propellants 
Overboard Propellant 
Stage pmf 
Burnout Mass 
# Boosters / Type 
Booster Thrust (@ 1 .0 secs) 
Booster Isp (@ 1 .0 secs) 
Burn Time 



PBAN . 

1,510,421 Ibm 
0.8656 
234,514 Ibm 
2 / 5.5 Segment SRM 
3,744,000 Ibf @ Vac 
275.7 sec (3> Vac 
1 16.4 sec 


Methodology 
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• Building on ESAS Analysis: with similar analysis methodology but 
Ares focused. 

• Models use: 

* Physics-informed parametric algorithms. 

* Vehicle and system heritage data. 

* Expert solicitation and engineering judgment. 

* Models are designed to interface with performance 
analysis output. 


National Aeronautics and Space Administration 
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Methodology 

Functional/System Breakdown 
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Preliminary Vehicle Performance and Sizing Inputs 
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Reliability 
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Ares V/ EDS Operational Timelines 
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Ares/EDS Ascent Phase 

j 



T+0 

EDS On Orbit Phase 


T+13.5mins 

EDS TLl/Disposal Phase 

T+4days, 8,25hrs 


1 

r 


■ T+0:Launch 

T + 58.4 secs: Max Q - Alt 11,950 m (39,206) Mach 1.59 


1+107.7 secs : SRB Staging -All 36,523 m (119.82 5) - Mach 3.95 

T+293,8 secs : Shroud Jetlison-Alt 122,683 m (402.503) - Mach 9.79 



T+329 secs : Core Staging. 'EDS Ignition -Alt 145,586 m (477,64 5) - Mach 8,48 
T+8 minutes : £05 Insertion Burn 




- T+ 13.48 minutes: EDS MECO : 245.033 m (803.914) 


T+IOmin T+ISmin 
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The Ares V/ EDS Operational Timelines 
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EDS Ascent Phase 

| EDS On Orbit Phase I 

EDS TLI/Disposal Phase 


T+G 


T+13.5mins 


T+4days r 8.25hrs 



▼Re -orient to Loiter Attitude 

LEO Loiter Opera tions : Alt 241km - 239km {130-129 Nmi) - 1 day 

^Re-orient For Docking With Orion 
RPOD with Orion : 4 hours 
Re-orient to Loiter Attitude 

L±Q Loiter Operations : Alt 2i9km - 2 j 1.5km (129- 125 Nmi) - i days 

Re-orient For TLI 
Preparation for TLI : 2 hours 


T+lday 


T+4days 
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The Ares V/ EDS Operational Timelines 



NSC 

NASA SAFETY CENTER 


EDS Ascent Phase 


T+0 


EDS On Orbit Phase 


lT+13.5mins 


+ 



EDS Tll/Disposal Phase 


T+4days, 8.25hrs 


Tran& • Lunar Injection : 7 minutes- 

Preparation for Altai r/On cm Sepaidl ion 

Akair/Ondn Separation from. LDS 
Co Aii Until Disposal Gurn 

JDispos^l Curn 

Sate EPS and Prepar e For Shut-down 
» Shutdown 


T+0 


+ 


1 

T+4days, 9hrs 


1 

T+4days, lOhrs 


T+4days, 8.25hrs 
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LOM Results Across the Mission Profile 


NSC 

NASA SAFETY CENTER 


m 

Launch 

Site 


Liftoff 


Liftoff thru Core Stage Separation 
Requirement =1 in 125 
51.00.43 LOM = 1 in 93 


i i i 

| Core Stage Sep thru |Orbit Insertion thru EDS | 
| Orbit Insertion | Separation | 

51.00.48 LOM = 1 in 550 ! 51.00.48 LOM = 1 in 430 ! 


Core Stage Separation 
& EDS J-2X Ignition 


EDS LOM is approx. 1/240 



EDS Disposal 


SRB 

Splashdown 


Core Stage 
Impact 


CEV Rendez vous & 
Dock w EDS 


LOM across the time line is Approx. 1/67 
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LOM Results 
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Mission LOM Risk 

On-Orbit Loiter 



Orbit Insertion = 



Element LOM Risk 
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A Major Design Change 
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One of the main changes made to the original LCCR EDS design is the 
replacement of the Solar Arrays with Fuel Cells which are jettisoned 
along with the Loiter skirt prior to the TLI burn. 


Batteries, Electronics, Forward Skirt 
Harness, Converter-to-Lander, 
Power Disconnects 


Harness 

(Systems 

Tunnel) 


Power Disconnects 


Fuel Cell, Electronics, Loiter 
Skirt Harness 


With an expected improvement in reliability 
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Achievability Assessment 
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♦ The Ares V LOM Requirement: Ares V shall limit their contribution to 
the risk of Loss of Mission (LOM) for Lunar missions to no greater 
than 1 in 125. Applicability: Ares V as stated in the requirement has 
been assumed to mean the basic launch vehicle (Core Stage, First 
Stage Booster, RS-68 Engines, necessary guidance and control, etc.) 
performing ascent to EDS separation. 

• Achievability: 

- The LOM assessment showed that achievability may be a challenge, particularly 
with a configuration of 6 RS-68 engines having no engine-out capability. 

♦ The EDS LOM Requirement: Ares V EDS shall limit their 
contribution to the risk of Loss of Mission (LOM) for Lunar missions to 
no greater than 1 in 250. 

• Achievability: 

- The LOM assessment showed that the EDS shows promise of being able to 
meet the requirement. 
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Post conceptual Phase 
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Reliability Discussions 


Post Conceptual Design Phase 
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• During conceptual design phase: 

- Probabilistic risk Assessment (PRA) is intended to support the 
system configuration selection, functional analysis is used, and basic 
events are at the box level (e.g. loss of propulsion due to SRB, SRM, 
J2-X, etc.) 

• In Post conceptual design phases: 

- PRA is intended to support component and system design 

- The standard PRA methodology is applied. 

- Issues are identified and more in-depth analysis are performed. 

- Extensive reliability effort is planned to support the Ares V subsystem 
and component design. 
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Operational Reliability 
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Design Reliability 
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Design Process 


*Loads 

•Environments 

•Usage 

•Sizing 

•Materials 

•Geometry 


Operating 

Stress 


Materials 

Production 
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•Acceptance 

Testing 

•Qualification 

Testing 
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Baseline Material 
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Process Reliability 
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Concluding Remarks 
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• The lessons learned from the S&MA early involvement in the Ares I launch vehicle 
design phases proved that performing an in-line function jointly with engineering 
is critical for S&MA to have an effective role in supporting the system, element, 
and component design. 

• These lessons learned were used to effectively support the Ares V conceptual 
design phase and planning for post conceptual design phases. 

• The Top level Conceptual LOM assessment for Ares V performed by the S&MA 
community jointly with the engineering Advanced Concept Office (ACO) was 
influential in the final selection of the Ares V system configuration. 

• Post conceptual phase, extensive reliability effort should be planned to support 
future Heavy Lift Launch Vehicles (HLLV) design. In-depth reliability analysis 
involving the design, manufacturing, and system engineering communities is 
critical to understand design and process uncertainties and system integrated 
failures. 
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